If managing PCs is still hard, good luck patching 100,000 internet things

Internet of Things (IoT) hype focuses on the riches that will rain from the sky once humanity connects the planet, but mostly ignores what it will take to build and operate fleets of things. And the operational side of things could be hell. “IT can barely keep their desktops patched,” Splunk chief technology officer Snehal …

  1. Mark Honman

    On the oil rig there will already be a centralised control system, and raw data feeds into that. Not an IoT scenario, I'm afraid.

    The concept of very dumb "connected sensors" (cortex M0 at most!) is best for domestic use - with possible data concentration before upload to the processing centre.

    By data concentration I mean elimination of no-change or insignificant-change data - massively reducing data volumes.

    But that too is a unidirectional data flow, and security is best served by that edge box not being remotely accessible.

    1. Anonymous Coward

      Oil rigs

      Oil rigs are (relatively) dumb but production platforms are a different kettle of custard. The control system isn't necessarily centralised - there will often be control processors local to the task in hand - as well as centralised ones. From where do you think the "D" in DCS (Distributed Control Systems) comes?

    2. Roland6 Silver badge

      Re: Oil Rigs

      This example, to me, shows that the "cloud gurus" still don't get it!

      They are still thinking in basic 2-tier client/sensor-central server/processing terms. When 'cloud' needs to be more of an n-tiered 'cached' processing architecture. So that if I need, or it is appropriate, local processing then I can simply interpose a local processing tier by installing a cloud server in a box in the comms cupboard.

      Years back I built a multi-tiered ERP system, with an instance of the ERP system running at every factory site and at a central site. This meant each factory could run in isolation regardless of system outage at the central or in the comms umbilical cord; so when the US HQ data centre went off-line for 5 days due to storm damage, none of the EU-based factories hiccuped. So no lost production...

      Simple really, just that it does require a little more thought to execute...

      1. Matt Bryant Silver badge
        Thumb Up

        Re: Roland6 Re: Oil Rigs

        So you're suggesting dumb sensors all feeding into a local smart hub that then feeds the cloud? Seems a good idea to me. It also sounds like the preferred Intel option and one that would fit nicely with ARM.

      2. bombastic bob Silver badge

        Re: Oil Rigs

        "They are still thinking in basic 2-tier client/sensor-central server/processing terms. When 'cloud' needs to be more of an n-tiered 'cached' processing architecture."

        when I see the 'tier' word I keep thinking a bunch of hype from the noughties, when the "3 tier solution" was seen as somehow 'inferior' to a 4-tier or 5-tier, like "more tiers" made it better...

  2. MatsSvensson

    Requires *

    Looking forward to a future when every single atom will have its own IP-address, and its own "Hand over your google/Facebook/twitter-login to use"-prompt.

    1. Ragarath

      Re: Requires *

      Looking forward to a future when every single atom will have its own IP-address,

      They already do, we just cannot read them yet, although quantum science seems to be getting there from a few things I have read (and think I understand a little?)

      A great read for the idea of this is Greg Bear's 'Moving Mars'; look it up.

  3. Anonymous Coward

    Oh for Goodness Sake

    In the Article:

    The cloud colossus' APAC technology head Glenn Gore recently told El Reg AWS likes the idea of dumb things collecting data at the edge, then sending all the information they collect into a cloud for processing.

    And therein lies the fundamental problem with IoT. People like Glenn Gore see IoT as a tremendous data gathering opportunity. There's money in them thar data hills, just waiting to be mined for exploitation.

    However, for IoT to be successful you have to do way more than collect data. If you put something on the market to be installed by users in their homes, it's going to fail in the market if all it does is collect a bunch of data for the benefit of some cloud operator. The user has to be getting something in return, otherwise it's of no value to them and they won't buy it.

    And herein lies the problem. That value for end users is going to have to be "it does something useful". Something like turning the lights on, controlling the heating, monitors for movement whilst the user is away, smart door lock, etc. etc. And as soon as you have a device that does something in the home then security really, really matters. If you don't think security matters, just look at the trouble Nest got into when they introduced a mere bug into their thermostats last winter and peoples' houses went cold.

    This matters at a national scale too. The damage that could be wrought by turning on every home air conditioner in California all at once would be immense and has to be prevented. However it is very hard to guarantee that it cannot happen if everyone has gone and installed rubbish IoT aircon controllers with next to no security.

    So if your device is dumb and essentially defenceless then it's not going to be suitable for controlling anything in the home. As things are right now there are too many IoT devices out there that naively assume a home network is a benign environment. Wrong. Home networks are potentially awash with nasty code running in web browsers, etc. To survive intact in such an environment a device needs to be very well sorted indeed, and that probably means "not dumb".

    1. Doctor Syntax Silver badge

      Re: Oh for Goodness Sake

      "That value for end users is going to have to be "it does something useful". Something like turning the lights on, controlling the heating, monitors for movement whilst the user is away, smart door lock, etc. etc."

      And it also has to do it so much better than existing, simple, alternatives. Given that switches, thermostats and locks have been solved problems for a very long time it narrows down the real user value to a very few use cases and hipsters.

      1. bazza Silver badge

        Re: Oh for Goodness Sake

        Absolutely.

        I've tinkered with a few things. Nest thermostat is semi-useful. It's nice to get the house warmed up after a few weeks away by switching it back on whilst I'm still in the airport. The Yale burglar alarm is OK up to a point - clunky software but it works, but fundamentally does nothing more than an SMS capable alarm. The Belkin WeMo things suffer from unreliability (the Android app for it is particularly vile and unreliable) but coupled with IFTTT can be made to switch things off when you leave the house. Won't switch them back on though despite my best efforts with IFTTT rules. IOT lights are really annoying; a light switch is far quicker. And if the light switch is off, naturally you can't turn them back on with your mobile. Kettles? Fridges? Cookers? Can't see the point.

    2. AustinTX

      Re: Oh for Goodness Sake

      Why make yourself more useful than the competitors when you can lobby to have yourself made mandatory? That's industry's answer to everything. Senator Greenbuck certainly agrees that those dangerous old lightswitches and outlets should be replaced with dandy new Patriot(tm) gear which sends a nice usage log back to the mfgr. No report app for you, though.

      IoT is going to be a disaster unless laws are passed making sure the equipment is reusable after the original mfgr goes titsup. It would be wise if mfgrs were required to turn over mgmt of obsolete devices to 3rd-party long term support entities. We also need SOHO routers which can restrict IoT devices' access to just specific destinations, blocking all Internet access by default.

    3. John Sanders
      Holmes

      Re: Oh for Goodness Sake

      Perhaps having 2 VLANs, one that can get out to the interwebs for computers, and another that cannot, can be helpful here.

      Or do like me: do not connect anything not easily auditable/upgradeable to the interwebs. Job done.

      1. AustinTX

        Re: Oh for Goodness Sake

        Right, like that. But it needs to be baked into the SOHO routers now. I depend on a horde of ancient internet telephony devices, IP cameras, and other embedded gadgets around the house. For privacy, I have to manually enter their MAC addresses to block their Internet access. This could benefit from automation in the router. And IoT devices need access to at least one cloud service, so those would need a customized, limited hole poked in the firewall for them.
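The router behaviour asked for in the two comments above (a separate IoT VLAN that is blocked from the Internet and from the trusted LAN by default, with a narrow, per-device hole to the one cloud endpoint each gadget needs) can be expressed directly as an nftables ruleset. This is an added example, not code from any commenter or from The Register; the interface names `lan0`, `iot0` and `wan0`, the device and cloud addresses, and the ports are all constructed placeholders to be replaced with real values.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny forwarding for an IoT VLAN.
# Assumed interfaces (constructed names):
#   lan0 = trusted LAN (PCs, phones, a local "smart hub")
#   iot0 = IoT VLAN
#   wan0 = upstream Internet link

flush ruleset

table inet iot_filter {
    # Per-device allow list: IoT device address . cloud endpoint . TCP port.
    # Addresses here are constructed placeholders (203.0.113.0/24 is a
    # documentation range); each real device gets exactly the endpoint it needs.
    set iot_cloud_allow {
        type ipv4_addr . ipv4_addr . inet_service
        elements = {
            192.168.20.10 . 203.0.113.5 . 443,   # e.g. an IP camera's cloud relay
            192.168.20.11 . 203.0.113.7 . 8883   # e.g. a thermostat's MQTT-over-TLS broker
        }
    }

    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may initiate to the IoT VLAN (local control) and to the Internet.
        iifname "lan0" oifname "iot0" accept
        iifname "lan0" oifname "wan0" accept

        # IoT devices may reach only their named cloud endpoint, on its named port.
        iifname "iot0" oifname "wan0" ip saddr . ip daddr . tcp dport @iot_cloud_allow accept

        # IoT devices never initiate connections toward the trusted LAN.
        iifname "iot0" oifname "lan0" drop

        # Log every other attempt from the IoT VLAN before the policy drops it;
        # a device that keeps hitting this rule is worth looking at.
        iifname "iot0" log prefix "iot-denied: " drop
    }
}
```

Load it with `nft -f <file>` on the router. Name resolution for the IoT VLAN is deliberately not forwarded here: the assumption is that the router itself answers DNS for `iot0` (an `input` chain rule, not shown) so that devices cannot use port 53 as a side channel to arbitrary hosts. If a device's cloud endpoint is served from a changing set of addresses, the set can be populated from a resolver or replaced with a named set that is updated by a script, but the default remains "nothing out unless listed".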

  4. Neoc

    No, no, nope.

    As a consumer, I want local control - no way is my house "checking in" via the internet to some cloud to figure out whether to open the door or turn on the lights. So many things can (and do) go wrong - even the vaunted Clouds suffer from outages, even though "no outages" was part of their selling point.

    I'll accept a local "smart box" which can be taught, preferably by me, to control all of this hardware. But control of all this crap WILL NOT leave my house.

    1. John Geek
      Paris Hilton

      re: Neoc: No, no, nope.

      If you're on a 2 week road trip, you won't want to occasionally check with your house and verify everything is good? Maybe look at your security cameras, verify the temp/humidity is in range, etc?

      1. Pascal Monett Silver badge

        Re: you won't want to occasionally check with your house and verify everything is good?

        No I won't, because I am paying a security service to do that in a proper manner with dedicated equipment, not with an IoT thingatecture security nightmare.

        But I acknowledge that not everyone does that.

      2. John Sanders
        Holmes

        Re: re: Neoc: No, no, nope.

        That's what the VPN/SSH/secure portal is for dear.

        1. Neoc

          Re: re: Neoc: No, no, nope.

          @John Sanders:

          Read my post again - my biggest beef is *not* that the data is being sent out (although that's probably up there in the top 5) but that *control* over anything in my house requires outside assist... er, interference.

      3. Neoc

        Re: re: Neoc: No, no, nope.

        @John Geek:

        Then I'll have a VPN node set up so that I can remote-login to the "smart hub". Which I already do for my ePub collection when I need to get some more books for my Kobo.

      4. Mark 65

        Re: re: Neoc: No, no, nope.

        if you're on a 2 week road trip, you won't want to occasionally check with your house and verify everything is good? maybe look at your security cameras, verify the temp/humidity is in range, etc?

        Same way I access my computers from outside - VPN back into your own network. It can be done by phone, tablet, or PC. Then you use the App, web page or whatever control mechanism as if you are on your home computer. That particular access problem was solved a long time ago.

    2. Anonymous Coward

      I'll accept a local "smart box" which can be taught, preferably by me, to control all of this hardware. But control of all this crap WILL NOT leave my house.

      X10.

      We have been there and done that.

    3. Mayhem

      I'll accept a local "smart box" which can be taught, preferably by me, to control all of this hardware. But control of all this crap WILL NOT leave my house.

      Exactly. That's what a Honeywell Hawk is for. Effectively you have half a dozen smart control systems in your house - lighting, AV, AC, Security etc. You then put a centralised control module in that can speak to all of them and can be accessed remotely if needed.

      We have hundreds of the damn things in production, and a bunch of engineers whose job it is to write various interface drivers for obscure systems.

      But then, that involves doing things professionally - a Hawk is a couple of grand, and proper BMS setups are designed for interaction.

      Setting up everything at home with a DIY amateur hour setup from Maplin is an entirely different ball game.

    4. Wade Burchette

      No, no, nope.

      Agreed.

      However, my main reason for not wanting a smart home or a smart car or a smart TV or a smart anything is security. Nothing is ever completely secure. If I can access it from the internet, then so can potentially billions of other people. If it supports remote updates, could a hacker silently update it and use it in his botnet? Or hack it to use it as an attack vector for other devices? This example is an oversimplification to make a point: A door lock IoT device, for instance, may not support remote updates but local updates. So a hacker could cause the IoT door locks to do a factory reset by using the insecure IoT device. And since many factory resets have the same password, now the hacker knows what the combination is to open your door.

      I told someone about all this, and he glibly dismissed it. "I won't care if someone turns my AC off while I am away," he said. Yeah, but what if a hacker turned it all the way down so it ran all the time? Imagine that electric bill. This is the same "so what" attitude that lets Google, Facebook, Microsoft, et al mine all our private data.

  5. Anonymous Coward

    "fogs"?

    oh ffs.

    ftfy

    1. Huw D

      Re: "fogs"?

      Sorry about the f in fogs...

  6. Anonymous Coward

    The way round this is

    that corporate don't patch things because:-

    a) they are afraid they will break

    b) they are too old to patch anyway

    c) devices are prevented to connect to internet directly

    d) no one wants to update the tired old knowledgebase constructed from cut'n'paste screenshots once upgraded

    e) the patching process is so convoluted/insecure/manual requiring looking at blinking blue light, steady amber light while holding button a on top and button b underneath while in direct sunlight etc

    the key to this is to minimise the need to update them, and put the logic elsewhere - the "things" should simply have a secure transport layer config and just be a thing...

    1. allthecoolshortnamesweretaken

      Re: The way round this is

      " ... the "things" should simply have a secure transport layer config ... "

      And that's where it all falls down again...

      1. bombastic bob Silver badge

        Re: The way round this is

        " ... the "things" should simply have a secure transport layer config ... "

        And that's where it all falls down again...

        Yeah, they'd probably use MODBUS over TCP or something similar at the local site, for all of the sensors and control devices, then a process on the MODBUS control thingy to either transfer data to the cloud, or allow a cloud-based process to query the data from the 'central' thing.

        If the 'central' thing were properly designed, and the TCP to device connections properly isolated, you wouldn't have a problem. Good luck with THAT happening, though...

        unless you can IPSEC the MODBUS stuff [probably not], then it's just 'in the clear' and anyone/thing can access the devices, once you have access to the private LAN with all of them.

  7. VinceH

    "thingatechtures"*

    * Okay, we won't use that one again.

    Quite right.

    It should be thingammitechtures.

    1. Anonymous Coward

      get it right:

      thingummitectures

  8. ecofeco Silver badge

    Stop

    Just stop. There's the solution.

    Cloud. IoT. Both incredibly bad ideas that will not end well.

    Speaking of which, what will be this week's hacked website and security failure?

  9. Steve Davies 3 Silver badge
    FAIL

    The IOT Support model is already there

    Just look at the plethora of unpatched Android phones that are out there. Buy a cheapo (and even not so cheap) device and pray that it gets at least one update and that the maker will provide OS upgrades (are you having a larf?)

    So the basic premise of IOT is

    - Ship, ship and to hell with security

    - It's cheap so are you really expecting patches? And for free? Get real

    - Buyer beware (sadly it is being flogged as a solution for an as yet question)

    See Icon for my opinion of IOT.

    As a result, I will not be partaking in this madness. Ergo, my Fridge will never be connected to anything other than the 230V S supply.

    1. John Sanders
      Terminator

      Re: The IOT Support model is already there

      >> As a result, I will not be partaking in this madness. Ergo, my Fridge will never be connected to anything other than the 230V S supply.

      AMEN BROTHER!

      https://www.youtube.com/watch?v=U3RjP6_TV0E

  10. IglooDude

    "But you won't have to worry about sending new firmware or security updates to enormous fleets of things. Nor will malware on things be an issue."

    How dumb does a device have to be before it is not a target? If it is remotely accessible and is capable of doing something, it's not dumb enough.

  11. Teiwaz

    In the future we'll have the Internet of Dumb things

    We'll need an up to date list of items that don't come chipped and aren't sending things to the cloud.

    So we can avoid the security and privacy nightmare on the horizon...

    1. Anonymous Coward

      Re: In the future we'll have the Internet of Dumb things

      We already have the internet of dumb things - humans.

  12. Candy
    Coat

    Patching at scale

    Patching 100,000 isn't all that hard. You just have to plan and resource it right. And be fanatical about standardisation.

    But...

    PCs are a fairly generic block of code and hardware when it comes to patching. Aside from BIOS and driver management, they all run the same OS(es) and pull from the a standard set of applications. IoT, on the other hand, promises to need specific devices for each task, each class of device probably running different code on different hardware.

    I lean strongly towards simple-at-the-edge, clever-at-the-core unless you have a very limited range of devices. I see one of the challenges for a dispersed IoT environment in replacing failed devices. At least Backblaze have them all in nice, easy-to-find racks...


  13. Matt Bryant Silver badge
    Go

    thingatechtures

    Please continue to use.

  14. MrTuK
    FAIL

    IOT will be added to anything and everything - you just won't be informed !

    Sadly my title will be true, it's a bit like trying to purchase a PC/Laptop which does not have the Trusted PC chip in it !

    Did you request it, did you want it, Can you opt out of having it, but you did pay for it !

    Same will go for home items, they will add them and not switch them on - hopefully !

    People who request a smart device will be told - actually this is a smart device and you just need to do this to switch it on or you just need to do this to access it !

    The first things that were supposed to be smart were TV's, now being an early adopter of Tech (Always the latest and greatest PC's - I built them myself !) when I was looking for a new Samsung 55" TV I was offered a Smart TV and I told him to take a hike !

    I want a TV to be a TV, the only thing of possible smartness would be the ability to have a built in media player but most definitely no other smartness !

    If I want an added feature of Netflix etc I would set up a media box depending on its requirements for added features would depend on what I purchased or built !

    I certainly wouldn't want a smart fridge or cooker or central heating system or anything smart except me but sadly most people are sheep and will fall for the BS about smart stuff reducing leccy bills etc - final note - No way, no how would I ever want or allow a smart leccy meter in my house unless it had no wifi but had a utp network port so that I could monitor stuff then fine but they wouldn't like that because they want the data for themselves and not for you to be able to access it !

    Which is weird because smart TV's were meant to give you a benefit whereas smart leccy meters don't and might adversely affect you either by affecting you due to the wifi itself !!!! or by actually affecting your home wifi signal itself !

    So basically Smart IOT take a long f**king walk on a short f**king pier !!
